
MacBoznyII

Posted 14 September 2011 - 09:30 PM


Thanks a lot for your help so far. I didn't notice anything wrong with it before "Security Protection" and Google Chrome not working. Chrome works now but except for that I'm not sure if it works any better or not. I do, however, have a few inquiries. Before I ran the second OTL fix and I believe after the first fix, all of my files were displaying the file extensions in the names (e.g. hat.jpg) but after the second scan they were gone. Also, if I download Limewire again is there any way for me to know for sure what files to and not to download?

MacBoznyII

Posted 15 September 2011 - 01:39 AM


There is one thing I've noticed besides the above. For some reason I keep getting the blue screen of death for seemingly NO REASON. I would be in the middle of something and all of a sudden a blue screen would pop up on my screen saying "Fatal error.....". It has happened about 4 times now and I've had to restart my computer every time.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next:

Click on the Avast ball from the taskbar

Click on Scan Computer

Click on Boot-Time Scan

Click on Settings

A window will open and near the bottom you will see Ask, click the down arrow and select Move to Chest

Click OK then Schedule Now.

Reboot and let it run a scan. It may take hours.

Go here and install any available updates for you. One of these should be Service Pack 3. When all updates are finished downloading and installing, go again to that site and make sure that no other update is available.

MacBoznyII

Posted 16 September 2011 - 09:09 PM


09/16/2011 18:27
Scan of all local drives

Number of searched folders: 9746
Number of tested files: 378144
Number of infected files: 82


michaelg9

Posted 02 October 2011 - 03:44 AM

Congratulations! Your logs are clean! Now that you are clean, please follow these precautions in order to keep safe:

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.

Next:

Uninstall ComboFix from your computer:

Click on Start > Run

Type Combofix /Uninstall in the run box and click Ok. Note the space between the x and the /u, it needs to be there.

Next:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

Next:

Automatic Updates for Windows

Click Start.

Select Settings and then Control Panel.

Select Automatic Updates.

Click Automatic (recommended)

Choose a day and a time when you know the computer will be on and connected to the internet.

Click Apply then OK.

Next:

Additional security programs - For additional security, the use of these tools is important:

Malwarebytes Anti-Malware - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.

The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.
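The HOSTS-file mechanism described in the post above, as an added example that is not part of the original thread or of the MVPS project: it parses a HOSTS file, lists the names blocked by a mapping to a loopback address, and flags names mapped to any other address for review. It goes slightly beyond the post by also treating 0.0.0.0 as a blocking address; the sample file content and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS format (reserved example domains, not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.com  # blocked ad server
0.0.0.0         tracker.example.net banners.example.net
203.0.113.7     update.example.org
::1             localhost
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip lines that do not start with an IP
        for name in fields[1:]:                  # one line may list several names
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Return (blocked names, {name: (ip, line_no)} for non-loopback mappings)."""
    blocked, redirected = set(), {}
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost":
            continue                             # the standard entry, not a block
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)                    # lookups never leave this machine
        else:
            redirected[name] = (str(ip), line_no)  # points at a real host: review it
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    for name, (ip, line_no) in sorted(redirected.items()):
        print(f"review line {line_no}: {name} -> {ip}")
```

On Windows XP the file to check is `%SystemRoot%\system32\drivers\etc\hosts`; in a blocklist-style file, any entry that lands in the review list was not put there by the blocklist.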